--- Alex aka Magobin <magobin(a)gmail.com> wrote:
On mar, 2006-04-04 at 06:59 -0700, Susan wrote:
>
> --- Alex aka Magobin <magobin(a)gmail.com> wrote:
> > Ok...omit cluster...if I have a Fedora DS server (A) that is an SSL
> > server too...until A is alone I configure my clients to point at this
> > server for authentication and I tested it works perfectly..now I want
> > another server for load balancing replicated in
> > multimaster(B)...now...how can I set up ssl for this scenario ? This
>
> I have this exact setup. 2 FDSs, MMR over SSL.
>
yes, you have this scenario like me...I made my test with your help
too...but how can you authenticate clients?....They always point to the CN
that exports the CA...so if you made the CA on A...and you shut it down, DS is
still up on B but clients never log in using B because the CN is different
and they report that hostname does not match CN in peer certificate...

If A is down, the clients go to B because of this entry (in the client's
/etc/openldap/ldap.conf):

HOST cnyldap01 cnjldap01

Now, I'm not verifying the FDS identity so I'm not using FQDN but that's a
minor point. If cnyldap01 is down, it goes to cnjldap01 immediately. There's
about a half a second delay.
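An added example, not part of either poster's message: the client-side /etc/openldap/ldap.conf for the two-server failover discussed above, first without server identity checking and then with it. The domain example.com, the CA file path and the use of TLS_REQCERT never in the first variant are assumptions.

```conf
# --- Variant 1: failover works, server identity is NOT verified ---
# Short host names as in the thread. With TLS_REQCERT never (assumed here)
# the client does not request or check the server certificate, so a CN
# mismatch on B is never noticed, and neither is an impostor server.
HOST cnyldap01 cnjldap01
TLS_REQCERT never

# --- Variant 2: failover works AND each server is verified ---
# Prerequisite on the servers: A and B each present their OWN certificate,
# issued by the same CA, whose CN (or subjectAltName) is that server's own
# FQDN. Copying A's certificate to B is what produces
# "hostname does not match CN in peer certificate".
#
# The client lists both servers by the FQDN that appears in each
# certificate; they are tried in order, so B is used when A is down.
URI ldaps://cnyldap01.example.com ldaps://cnjldap01.example.com

# Trust the issuing CA, not an individual server certificate
# (path is an assumption; use wherever the CA certificate was installed).
TLS_CACERT /etc/openldap/cacerts/ca.pem

# Require a valid certificate chain and a matching host name.
TLS_REQCERT demand
```

Use one variant or the other, not both in the same file. With variant 2 the clients depend only on the CA certificate, so server A being down does not affect verification of server B.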